Risk and compliance are top management priorities at TransUnion, enabling the ways we protect customer data, foster trust in our solutions, engage with consumers, conduct business with our customers and interact with third parties.
TransUnion’s Chief Risk and Compliance Officer manages the everyday operations of the risk management and compliance programs and reports to the enterprise Chief Legal Officer, who oversees the company’s Risk Management Framework (RMF) and Compliance Management System (CMS) in conjunction with executive leadership.
Risk Management Framework
TransUnion’s leadership recognizes taking risk is inherent in our ability to provide services that make trust possible and deliver on our mission of Information for Good®.
TransUnion takes a considered approach to risk decisions, and aims to balance risk and reward as we seek to optimize our experiences with consumers and customers. In doing so, we will manage risk in keeping with the risk framework, mitigate undue risks to a manageable level and maintain risk within established thresholds and in keeping with the principles of Information for Good® — unless formally accepted through appropriate governance.
TransUnion’s Global Risk Appetite Statement — approved by TransUnion’s Board of Directors — summarizes our approach to taking, managing and responding to risks, and provides parameters to guide management on risk decisions.
Directing: Our risk policies and procedures set boundaries for taking risks within the boundaries of the Global Risk Appetite Statement approved by the Board.
Organizing: The Risk Management Framework supports organized processes, procedures and methodologies which help our teams to effectively manage risk in a consistent way across the business.
Managing: We manage risk by establishing controls to mitigate identified risks and execute an Issue Management process to drive any necessary enhancements to controls.
Monitoring: Measures business processes and outcomes to ensure controls are operating effectively.
Reporting: Our Risk Management program reports key risk themes and performance metrics to risk governance committees.
Risk review and escalation
Our Enterprise Risk Management Committee (ERMC) sets TransUnion’s risk strategy and helps prioritize risk management activities across the company. The ERMC is chaired by the Chief Risk & Compliance Officer, and is comprised of the Chief Executive Officer, his direct reports and other key function heads or senior subject matter experts. Any key issues raised by the ERMC are escalated to the appropriate committee of the Board of Directors. Our International Risk Management Committee (IRMC) reports regularly to the ERMC. The IRMC brings consistency across our regional markets, providing a consolidated view of global risks, issues and challenges. It also enables us to more effectively identify and coordinate solutions for common challenges. In El Salvador, we have a local Committee of Risks that evaluate local risks and compliance with legal requirements.
Information security and privacy risk management
Data security and stewardship is vital to keeping consumers protected and maintaining their trust. TransUnion maintains dedicated technology and risk committees at a Board level. The Technology Committee of the Board of Directors oversees product, data, information technology and innovation. The Technology Committee also oversees major technology investments as well as related systems, projects and processes. At the management level, our Chief Information and Security Officer (CISO) and Chief Privacy Officer (CPO) maintain strategies and programs designed to protect consumers and data assets, align with consumer expectations and comply with all applicable laws.
Climate risk management
Climate change continues to be top of mind for various stakeholders, and understanding the implications to a business over the long term is more important than ever. In 2022, TransUnion partnered with an external consultant to understand our climate risks given our global footprint and industry. We completed the first phase of this study and plan to finish it in the new year.